Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...

GHSA-GG64-XXR9-QHJP Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

CVE-2026-23633 Gogs has arbitrary file read/write via path traversal in Git hook editing

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-23633

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-23633

Gogs (pre-0.13.4 and pre-0.14.0+dev) contains a path-traversal flaw in the Git hook editing endpoint that allows arbitrary file read/write via the :name parameter in /username/reponame/settings/hooks/git/:name. The vulnerability arises from URL-decoding the parameter and using it to build file pa...

CVE-2026-23633 Gogs has arbitrary file read/write via path traversal in Git hook editing

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111 Gogs's update .git/config file allows remote command execution

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111 Gogs's update .git/config file allows remote command execution

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-64111

Summary: CVE-2025-64111 affects Gogs prior to 0.13.4 and 0.14.0+dev, where an insufficient patch for CVE-2024-56731 lets an attacker update files in the .git directory via the API router and achieve remote code execution (RCE). Documents confirm the root cause relates to UpdateRepoFile checks inv...

CVE-2025-64111 Gogs's update .git/config file allows remote command execution

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

EUVD-2025-206887

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

Gogs 操作系统命令注入漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier had an operating system command injection...

Ubuntu: Security Advisory (USN-8012-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gogs 路径遍历漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions prior to 0.13.3 have a path traversal vulnerability; this...

PT-2026-6859

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

PT-2026-6863

Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"custom hooks", name which internally resolves the path as: go...

PT-2026-6745

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, a self-hosted Git service, is affected by a critical remote code execution RCE issue. This issue allows attackers to rewrite the .git/config file via an API, potentially...